UBUNTU-CVE-2013-6367

The apicgettmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service divide-by-zero error and host OS crash via crafted modifications of the TMICT value...

UBUNTU-CVE-2013-6368

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service system crash via a VAPIC synchronization operation involving a page-end address...

kvm: division by zero in apic_get_tmcct()

The apicgettmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service divide-by-zero error and host OS crash via crafted modifications of the TMICT value...

kvm: division by zero in apic_get_tmcct()

The apicgettmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service divide-by-zero error and host OS crash via crafted modifications of the TMICT value...

kernel: kvm: memory leak when memory slot is moved with assigned device

Memory leak in the kvmsetmemoryregion function in virt/kvm/kvmmain.c in the Linux kernel before 3.9 allows local users to cause a denial of service memory consumption by leveraging certain device access to trigger movement of memory slots...

UBUNTU-CVE-2013-1943

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted...

kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service host OS memory corruption or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address GPA in 1 movable or 2...

kernel: kvm: pv_eoi guest updates with interrupts disabled

A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux RHEL 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service host OS crash by leveraging a time window during which interrup...

kernel: kvm: missing check in kvm_set_memory_region()

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted...

kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME

The kvmsetmsrcommon function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required timepage alignment during an MSRKVMSYSTEMTIME operation, which allows guest OS users to cause a denial of service buffer overflow and host OS memory corruption or possibly have...

UBUNTU-CVE-2013-1797

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service host OS memory corruption or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address GPA in 1 movable or 2...

kernel: vhost: fix length for cross region descriptor

The translatedesc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges...

DEBIAN-CVE-2012-2119

Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service crash via a long descriptor with a long vector length...

CentOS Update for xen CESA-2012:1130 centos5

Check for the Version of xen OpenVAS Vulnerability Test CentOS Update for xen CESA-2012:1130 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON()

The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service host OS crash by leveraging administrative access to the guest OS, related to the pmdnoneorclearbad function and page faults for huge pages...

kvm: device assignment page leak

The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service memory leak and host OS crash by leveraging administrative access to the guest OS to conduct hotunplug an...

UBUNTU-CVE-2012-1179

The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service host OS crash by leveraging administrative access to the guest OS, related to the pmdnoneorclearbad function and page faults for huge pages. A privileged user in the KVM guest can use this flaw to...

UBUNTU-CVE-2012-1601

The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service NULL pointer dereference and host OS crash by making a KVMCREATEIRQCHIP ioctl call after a virtual CPU already exists...

kernel: kvm: device assignment DoS

The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...

kernel: kvm: pit timer with no irqchip crashes the system

The createpittimer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer PIT interrupt requests IRQs when a virtual interrupt controller irqchip is not available, which allows local users to cause a denial of service NUL...